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CLAIMS 

Having thus described my invention, what I 
claim as new and desire to secure by Letters 
Patent is as follows: 



1 1. A security device for installation at a node 

2 of a digital network, said security device 

3 comprising 

4 a security/ encryption engine for providing 

5 user transparent communications to another node of 

6 said digital network, and 

7 a programmed data processor including 

8 embedded security policy manager functions for 

9 detecting communications which include 

10 characteristics which differ from characteristics 

11 of normal usage and sending an alarm to said 

12 security/ encryption engine for communication to 

13 another node as said user transparent 

14 communications and for responding to user 

15 transparent communications from another node of 

16 said digital network to control routing of 

17 communications in said digital network. 

1 2. A security device as recited in claim 1, 

2 further including a memory for storing information 

3 corresponding to said user transparent 

4 communication, 

1 3. A security device as recited in claim 1, 

2 wherein said routing of communications isolates a 

3 node of said digital network. 
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1 4. A security device as recited in claim 3, 

2 wherein said control of communications to isolate 

3 a node of said digital network is performed in 

4 real time. 

1 5. A security device as recited in claim 1, 

2 wherein said node and said another node are 

3 hierarchically arranged locally in said digital 

4 network . 

1 6. A security device as recited in claim 1, 

2 further including 

3 means for defining a secure session between 

4 said node and said another node, 

1 7. A security device as recited in claim 6, 

2 wherein said means for defining a secure session 

3 includes means for transmitting information 

4 corresponding to one of an authenticated user and 

5 an identification of a communicating node. 

1 8. A security device as recited in claim 1, 

2 wherein said characteristics which differ from 

3 characteristics of normal usage are 

4 characteristics of a potential attack. 

1 9. A security device as recited in claim 1, 

2 wherein said characteristics which differ from 

3 characteristics of normal usage correspond to a 

4 fault at a node or link of said digital network. 

1 10. A security device as recited in claim 1 

2 wherein said programmed data processor includes a 

3 manager object and at least one managed object 

4 corresponding to each connected node. 
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1 11, A digital network comprising 

2 at least two locking devices at each of a 

3 plurality of nodes of said digital network, 

4 a security policy manager device for 

5 detecting network communications or activity 

6 having some characteristics different from 

7 characteristics of normal usage and providing a 

8 signal to another network node, and 

9 means responsive to a user transparent signal 

10 from another node for controlling said at least 

11 two locking devices to isolate a node selecting 

12 redundant communication paths in said digital 

13 network to maintain network communications between 

14 other network nodes. 

1 12 . A digital network as recited in claim 11, 

2 further including a memory for storing information 

3 corresponding to said user transparent 

4 communication, 

1 13. A digital network as recited in claim 11, 

2 wherein said control of said locking devices to 

3 isolate a node of said digital network is 

4 performed in real time. 

1 14. A digital network as recited in claim 11, 

2 wherein said node and said another node are 

3 hierarchically arranged locally in said digital 

4 network . 

1 15. A digital network as recited in claim 11, 

2 further including 

3 means for defining a secure session between 

4 said node and said another node. 
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1 16. A digital network as recited in claim 15, 

2 wherein said means for defining a secure session 

3 includes means for transmitting information 

4 corresponding to one of an authenticated user and 

5 an identification of a communicating node. 

1 17. A digital network as recited in claim 11, 

2 wherein said characteristics which differ from 

3 characteristics of normal usage are 

4 characteristics of a potential attack. 

1 18. A digital network as recited in claim 11, 

2 wherein said characteristics which differ from 

3 characteristics of normal usage correspond to a 

4 fault at a node or link of said digital network. 

1 19. A digital network as recited in claim 11 

2 wherein said programmed data processor includes a 

3 manager object and at least one managed object 

4 corresponding to each connected node. 

1 20. A method of operating a digital network 

2 including steps of 

3 detecting communications having 

4 characteristics differing from characteristics of 

5 normal usage at a node of said digital network, 

6 communicating a user transparent signal to 

7 another node responsive to said detecting step, 

8 and 

9 controlling communications at said node from 
10 said another node with a user transparent signal. 
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1 21. A method as recited in claim 20, wherein said 

2 step of controlling communications includes steps 

3 of 

4 isolating said node from said network to 

5 encapsulate said communications having 

6 characteristics differing from normal usage, and 

7 routing other communications in said digital 

8 network through redundant links between nodes of 

9 said digital network. 

1 22. A method as recited in claim 20, wherein said 

2 detecting step is performed by a managed object at 

3 a node of said digital network and said 

4 controlling step is performed responsive to a 

5 managed object at said another node of said 

6 digital network. 

1 23. A method as recited in claim 20 wherein said 

2 detecting, communicating and controlling steps are 

3 performed in substantially real time. 

1 24. A method as recited in claim 20, including a 

2 further step of defining a secure session between 

3 a plurality of pairs of connected nodes in a 

4 communication path in said digital network. 



